feat(portal-rest): wire AcceptUserInvitationUseCase into UsersResource.finalizeRegistration

https://gravitee.atlassian.net/browse/APIM-14130

Author: dev-marek

gravitee-apim-rest-api/gravitee-apim-rest-api-management/gravitee-apim-rest-api-management-rest/src/main/java/io/gravitee/rest/api/management/rest/resource/organization/UsersRegistrationResource.java

@@ -17,21 +17,13 @@
 
 import static io.gravitee.common.http.MediaType.APPLICATION_JSON;
 
-import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase;
-import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase.GroupInvitationAction;
-import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase.UserRegistrationAction;
-import io.gravitee.apim.core.user.model.RawPassword;
-import io.gravitee.apim.core.user.service_provider.TokenService;
-import io.gravitee.apim.infra.adapter.UserAdapter;
 import io.gravitee.common.http.MediaType;
 import io.gravitee.rest.api.management.rest.resource.AbstractResource;
 import io.gravitee.rest.api.model.NewExternalUserEntity;
 import io.gravitee.rest.api.model.RegisterUserEntity;
 import io.gravitee.rest.api.model.UserEntity;
 import io.gravitee.rest.api.service.UserService;
 import io.gravitee.rest.api.service.common.GraviteeContext;
-import io.gravitee.rest.api.service.common.JWTHelper;
-import io.gravitee.rest.api.service.exceptions.UserStateConflictException;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -46,7 +38,6 @@
 import jakarta.ws.rs.container.ResourceContext;
 import jakarta.ws.rs.core.Context;
 import jakarta.ws.rs.core.Response;
-import java.util.Optional;
 
 /**
  * Defines the REST resources to manage users registration.
@@ -65,12 +56,6 @@ public class UsersRegistrationResource extends AbstractResource {
     @Inject
     private UserService userService;
 
-    @Inject
-    private TokenService tokenService;
-
-    @Inject
-    private AcceptUserInvitationUseCase acceptUserInvitationUseCase;
-
     /**
      * Register a new user.
      * Generate a token and send it in an email to allow a user to create an account.
@@ -106,27 +91,11 @@ public Response registerUser(@Valid NewExternalUserEntity newExternalUserEntity)
     )
     @ApiResponse(responseCode = "500", description = "Internal server error")
     public Response finalizeUserRegistration(@Valid RegisterUserEntity registerUserEntity) {
-        var decoded = tokenService.decode(registerUserEntity.getToken());
-
-        if (JWTHelper.ACTION.RESET_PASSWORD.name().equals(decoded.action())) {
-            throw new UserStateConflictException("Reset password forbidden on this resource");
+        UserEntity newUser = userService.finalizeRegistration(GraviteeContext.getExecutionContext(), registerUserEntity);
+        if (newUser != null) {
+            return Response.ok().entity(newUser).build();
         }
 
-        var executionContext = GraviteeContext.getExecutionContext();
-        var action = JWTHelper.ACTION.GROUP_INVITATION.name().equals(decoded.action())
-            ? new GroupInvitationAction(decoded.email(), decoded.subject())
-            : new UserRegistrationAction(decoded.email(), decoded.subject());
-
-        var password = Optional.ofNullable(registerUserEntity.getPassword()).map(RawPassword::new);
-        var input = new AcceptUserInvitationUseCase.Input(
-            executionContext,
-            action,
-            password,
-            Optional.ofNullable(registerUserEntity.getFirstname()),
-            Optional.ofNullable(registerUserEntity.getLastname())
-        );
-
-        var output = acceptUserInvitationUseCase.execute(input);
-        return Response.ok().entity(UserAdapter.INSTANCE.toUserEntity(output.user())).build();
+        return Response.serverError().build();
     }
 }

gravitee-apim-rest-api/gravitee-apim-rest-api-portal/gravitee-apim-rest-api-portal-rest/src/main/java/io/gravitee/rest/api/portal/rest/mapper/FinalizeRegistrationMapper.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright © 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.rest.api.portal.rest.mapper;
+
+import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase;
+import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase.GroupInvitationAction;
+import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase.UserRegistrationAction;
+import io.gravitee.apim.core.user.model.DecodedToken;
+import io.gravitee.apim.core.user.model.RawPassword;
+import io.gravitee.rest.api.portal.rest.model.FinalizeRegistrationInput;
+import io.gravitee.rest.api.service.common.ExecutionContext;
+import io.gravitee.rest.api.service.common.JWTHelper;
+import java.util.Optional;
+import org.springframework.stereotype.Component;
+
+@Component
+public class FinalizeRegistrationMapper {
+
+    public AcceptUserInvitationUseCase.Input toUseCaseInput(
+        ExecutionContext executionContext,
+        DecodedToken decoded,
+        FinalizeRegistrationInput input
+    ) {
+        var action = JWTHelper.ACTION.GROUP_INVITATION.name().equals(decoded.action())
+            ? new GroupInvitationAction(decoded.email(), decoded.subject())
+            : new UserRegistrationAction(decoded.email(), decoded.subject());
+
+        return new AcceptUserInvitationUseCase.Input(
+            executionContext,
+            action,
+            Optional.ofNullable(input.getPassword()).map(RawPassword::new),
+            Optional.ofNullable(input.getFirstname()),
+            Optional.ofNullable(input.getLastname())
+        );
+    }
+}

gravitee-apim-rest-api/gravitee-apim-rest-api-portal/gravitee-apim-rest-api-portal-rest/src/main/java/io/gravitee/rest/api/portal/rest/resource/UsersResource.java

@@ -18,14 +18,18 @@
 import static io.gravitee.rest.api.model.permissions.RolePermissionAction.READ;
 import static java.util.function.Predicate.not;
 
+import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase;
 import io.gravitee.apim.core.user.model.UserSearchQuery;
+import io.gravitee.apim.core.user.service_provider.TokenService;
 import io.gravitee.apim.core.user.use_case.SearchUsersUseCase;
+import io.gravitee.apim.infra.adapter.UserAdapter;
 import io.gravitee.common.http.MediaType;
 import io.gravitee.rest.api.model.InlinePictureEntity;
 import io.gravitee.rest.api.model.PictureEntity;
 import io.gravitee.rest.api.model.UrlPictureEntity;
 import io.gravitee.rest.api.model.UserEntity;
 import io.gravitee.rest.api.model.permissions.RolePermission;
+import io.gravitee.rest.api.portal.rest.mapper.FinalizeRegistrationMapper;
 import io.gravitee.rest.api.portal.rest.mapper.UserMapper;
 import io.gravitee.rest.api.portal.rest.mapper.UsersSearchQueryMapper;
 import io.gravitee.rest.api.portal.rest.model.*;
@@ -35,9 +39,11 @@
 import io.gravitee.rest.api.rest.annotation.Permissions;
 import io.gravitee.rest.api.service.UserService;
 import io.gravitee.rest.api.service.common.GraviteeContext;
+import io.gravitee.rest.api.service.common.JWTHelper;
 import io.gravitee.rest.api.service.exceptions.AbstractManagementException;
 import io.gravitee.rest.api.service.exceptions.ForbiddenAccessException;
 import io.gravitee.rest.api.service.exceptions.PasswordAlreadyResetException;
+import io.gravitee.rest.api.service.exceptions.UserStateConflictException;
 import jakarta.inject.Inject;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotNull;
@@ -63,6 +69,15 @@ public class UsersResource extends AbstractResource {
     @Inject
     private UserService userService;
 
+    @Inject
+    private TokenService tokenService;
+
+    @Inject
+    private AcceptUserInvitationUseCase acceptUserInvitationUseCase;
+
+    @Inject
+    private FinalizeRegistrationMapper finalizeRegistrationMapper;
+
     @Inject
     private SearchUsersUseCase searchUsersUseCase;
 
@@ -96,15 +111,16 @@ public Response registerUser(@Valid @NotNull(message = "Input must not be null."
     public Response finalizeRegistration(
         @Valid @NotNull(message = "Input must not be null.") FinalizeRegistrationInput finalizeRegistrationInput
     ) {
-        UserEntity newUser = userService.finalizeRegistration(
-            GraviteeContext.getExecutionContext(),
-            userMapper.convert(finalizeRegistrationInput)
-        );
-        if (newUser != null) {
-            return Response.ok().entity(userMapper.convert(newUser)).build();
+        var decoded = tokenService.decode(finalizeRegistrationInput.getToken());
+
+        if (JWTHelper.ACTION.RESET_PASSWORD.name().equals(decoded.action())) {
+            throw new UserStateConflictException("Reset password forbidden on this resource");
         }
 
-        return Response.serverError().build();
+        var executionContext = GraviteeContext.getExecutionContext();
+        var useCaseInput = finalizeRegistrationMapper.toUseCaseInput(executionContext, decoded, finalizeRegistrationInput);
+        var output = acceptUserInvitationUseCase.execute(useCaseInput);
+        return Response.ok().entity(userMapper.convert(UserAdapter.INSTANCE.toUserEntity(output.user()))).build();
     }
 
     @POST

gravitee-apim-rest-api/gravitee-apim-rest-api-portal/gravitee-apim-rest-api-portal-rest/src/test/java/io/gravitee/rest/api/portal/rest/resource/AbstractResourceTest.java

@@ -23,6 +23,7 @@
 import io.gravitee.apim.core.application_certificate.use_case.GetClientCertificatesUseCase;
 import io.gravitee.apim.core.application_certificate.use_case.UpdateClientCertificateUseCase;
 import io.gravitee.apim.core.application_certificate.use_case.ValidateClientCertificateUseCase;
+import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase;
 import io.gravitee.apim.core.subscription.use_case.CreateSubscriptionUseCase;
 import io.gravitee.apim.core.subscription_form.domain_service.SubscriptionFormSchemaGenerator;
 import io.gravitee.rest.api.portal.rest.JerseySpringTest;
@@ -121,6 +122,12 @@
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 public abstract class AbstractResourceTest extends JerseySpringTest {
 
+    @Autowired
+    protected AcceptUserInvitationUseCase acceptUserInvitationUseCase;
+
+    @Autowired
+    protected io.gravitee.apim.core.user.service_provider.TokenService registrationTokenService;
+
     @Autowired
     protected CreateSubscriptionUseCase createSubscriptionUseCase;
 

gravitee-apim-rest-api/gravitee-apim-rest-api-portal/gravitee-apim-rest-api-portal-rest/src/test/java/io/gravitee/rest/api/portal/rest/resource/UsersResourceTest.java

@@ -21,6 +21,9 @@
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.*;
 
+import io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase;
+import io.gravitee.apim.core.user.model.BaseUserEntity;
+import io.gravitee.apim.core.user.model.DecodedToken;
 import io.gravitee.apim.core.user.model.UserSearchQuery;
 import io.gravitee.apim.core.user.use_case.SearchUsersUseCase;
 import io.gravitee.common.http.HttpStatusCode;
@@ -30,7 +33,9 @@
 import io.gravitee.rest.api.model.UserEntity;
 import io.gravitee.rest.api.portal.rest.model.*;
 import io.gravitee.rest.api.service.common.GraviteeContext;
+import io.gravitee.rest.api.service.common.JWTHelper;
 import io.gravitee.rest.api.service.exceptions.UserNotFoundException;
+import io.gravitee.rest.api.service.exceptions.UserStateConflictException;
 import jakarta.ws.rs.client.Entity;
 import jakarta.ws.rs.core.Response;
 import java.io.IOException;
@@ -61,6 +66,8 @@ protected String contextPath() {
     public void init() {
         resetAllMocks();
         reset(searchUsersUseCase);
+        reset(acceptUserInvitationUseCase);
+        reset(registrationTokenService);
 
         searchUser = io.gravitee.apim.core.user.model.User.builder()
             .id("my-user-id")
@@ -269,47 +276,62 @@ public void shouldHaveBadRequestWhileFinalizingRegistrationWithEmpty() {
     }
 
     @Test
-    public void shouldFinalizeRegistration() {
-        // init
-        FinalizeRegistrationInput input = new FinalizeRegistrationInput()
-            .token("token")
-            .password("P4s5vv0Rd")
-            .firstname("Firstname")
-            .lastname("LASTNAME");
-
-        RegisterUserEntity registerUserEntity = new RegisterUserEntity();
-        doReturn(registerUserEntity).when(userMapper).convert(input);
+    public void should_finalize_registration_for_user_registration_action() {
+        var input = new FinalizeRegistrationInput().token("my-jwt").password("P4s5vv0Rd").firstname("John").lastname("Doe");
+        var decoded = new DecodedToken(JWTHelper.ACTION.USER_REGISTRATION.name(), "user@example.com", Optional.empty());
+        var user = BaseUserEntity.builder().id("user-id").email("user@example.com").build();
 
-        doReturn(new UserEntity()).when(userService).finalizeRegistration(GraviteeContext.getExecutionContext(), registerUserEntity);
+        doReturn(decoded).when(registrationTokenService).decode("my-jwt");
+        doReturn(new AcceptUserInvitationUseCase.Output(user)).when(acceptUserInvitationUseCase).execute(any());
+        doReturn(new io.gravitee.rest.api.portal.rest.model.User()).when(userMapper).convert(any(UserEntity.class));
 
-        // test
         final Response response = target("registration/_finalize").request().post(Entity.json(input));
+
         assertEquals(HttpStatusCode.OK_200, response.getStatus());
+        verify(registrationTokenService).decode("my-jwt");
+        verify(acceptUserInvitationUseCase).execute(any());
+    }
 
-        Mockito.verify(userMapper).convert(input);
-        Mockito.verify(userService).finalizeRegistration(GraviteeContext.getExecutionContext(), registerUserEntity);
+    @Test
+    public void should_finalize_registration_for_group_invitation_action() {
+        var input = new FinalizeRegistrationInput().token("my-jwt").password("P4s5vv0Rd").firstname("John").lastname("Doe");
+        var decoded = new DecodedToken(JWTHelper.ACTION.GROUP_INVITATION.name(), "user@example.com", Optional.of("user-id"));
+        var user = BaseUserEntity.builder().id("user-id").email("user@example.com").build();
+
+        doReturn(decoded).when(registrationTokenService).decode("my-jwt");
+        doReturn(new AcceptUserInvitationUseCase.Output(user)).when(acceptUserInvitationUseCase).execute(any());
+        doReturn(new io.gravitee.rest.api.portal.rest.model.User()).when(userMapper).convert(any(UserEntity.class));
+
+        final Response response = target("registration/_finalize").request().post(Entity.json(input));
+
+        assertEquals(HttpStatusCode.OK_200, response.getStatus());
+        verify(acceptUserInvitationUseCase).execute(any());
     }
 
     @Test
-    public void shouldNotFinalizeRegistration() {
-        // init
-        FinalizeRegistrationInput input = new FinalizeRegistrationInput()
-            .token("token")
-            .password("P4s5vv0Rd")
-            .firstname("Firstname")
-            .lastname("LASTNAME");
+    public void should_return_conflict_when_reset_password_action() {
+        var input = new FinalizeRegistrationInput().token("my-jwt").password("P4s5vv0Rd").firstname("John").lastname("Doe");
+        var decoded = new DecodedToken(JWTHelper.ACTION.RESET_PASSWORD.name(), "user@example.com", Optional.empty());
 
-        RegisterUserEntity registerUserEntity = new RegisterUserEntity();
-        doReturn(registerUserEntity).when(userMapper).convert(input);
+        doReturn(decoded).when(registrationTokenService).decode("my-jwt");
 
-        doReturn(null).when(userService).finalizeRegistration(GraviteeContext.getExecutionContext(), registerUserEntity);
+        final Response response = target("registration/_finalize").request().post(Entity.json(input));
+
+        assertEquals(HttpStatusCode.CONFLICT_409, response.getStatus());
+        verify(acceptUserInvitationUseCase, never()).execute(any());
+    }
+
+    @Test
+    public void should_propagate_token_decode_error() {
+        var input = new FinalizeRegistrationInput().token("invalid-jwt").password("P4s5vv0Rd").firstname("John").lastname("Doe");
+        doThrow(new com.auth0.jwt.exceptions.JWTVerificationException("invalid token"))
+            .when(registrationTokenService)
+            .decode("invalid-jwt");
 
-        // test
         final Response response = target("registration/_finalize").request().post(Entity.json(input));
-        assertEquals(HttpStatusCode.INTERNAL_SERVER_ERROR_500, response.getStatus());
 
-        Mockito.verify(userMapper).convert(input);
-        Mockito.verify(userService).finalizeRegistration(GraviteeContext.getExecutionContext(), registerUserEntity);
+        assertEquals(HttpStatusCode.INTERNAL_SERVER_ERROR_500, response.getStatus());
+        verify(acceptUserInvitationUseCase, never()).execute(any());
     }
 
     @Test

gravitee-apim-rest-api/gravitee-apim-rest-api-portal/gravitee-apim-rest-api-portal-rest/src/test/java/io/gravitee/rest/api/portal/rest/spring/ResourceContextConfiguration.java

@@ -620,6 +620,17 @@ public UserMapper userMapper() {
         return mock(UserMapper.class);
     }
 
+    @Bean
+    public io.gravitee.rest.api.portal.rest.mapper.FinalizeRegistrationMapper finalizeRegistrationMapper() {
+        return new io.gravitee.rest.api.portal.rest.mapper.FinalizeRegistrationMapper();
+    }
+
+    @Bean
+    @org.springframework.context.annotation.Primary
+    public io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase primaryAcceptUserInvitationUseCase() {
+        return mock(io.gravitee.apim.core.invitation.use_case.AcceptUserInvitationUseCase.class);
+    }
+
     @Bean
     public AnalyticsMapper analyticsMapper() {
         return mock(AnalyticsMapper.class);